Rank:

None

Points:

Posts:

Joined:

Apr 30, 2010

I'm concerned as well. I am new to smartphones so I want to be extra careful about a lot of these things. Another one that somewhat concerned me (not so much for privacy) but just for my phone's functionality: "prevent phone from sleeping"

Rank:

None

Points:

Posts:

Joined:

May 7, 2010

If this is anything like the application rights management for Nokia's Symbian Signed program, it's probably nothing to worry about. App developers basically have a menu of app rights that they can choose to request, and some devs are just a bit more liberal in selecting which rights to request (perhaps because their development vision was more ambitious/open-ended initially). In reality, their apps may only actually use a fraction of the app rights selected.

Also, sometimes the description of the app rights may be more general than what the app actually needs. In Symbian's case, this is because the rights are grouped into pre-defined groups (like the "display system-level alerts, modify global system settings, prevent phone from sleeping" example above) that can't be split into finer-grained sub-rights. So if an app developer just wanted to "display system-level alerts", he still has to request the right to do all of the above, even if he had no intention of utilizing the "modify global system settings, prevent phone from sleeping" functionality.

Of course, if you do find something that seems doubtful, it likely wouldn't hurt to at least ask the dev to clarify his/her intent.

Rank:

None

Points:

Posts:

Joined:

Jun 28, 2010

Is there a developer web page that lists all of these 'access resources' so we can at least determine the possible risks and make decisions before we download and install? Granted access in situations you just described is probably 99% as you say. But for that 1% who may have alternative motives (access and copy back your account lists, phone numbers, and other data, etc. for say, viral marketing purposes) once you grant access, your data is shared and the damage is done. Once an application has access, can it 'upload' this data back to the application developer if it has full internet access or is this access limited to just the local phone environment?

Rank:

None

Points:

Posts:

Joined:

Apr 16, 2010

i'd suggest making a tin foil hat for your incredible if you are that worried...

Click to expand...

While true that rarely are any apps malicious, this practice of asking for permissions that are not required for the app to operate is setting the android community up for a big wake up call in the future.

There will someday be an app that is malicious, and it will ask for the same permissions everything else does, and because it's common practice, no one will question it. The payload will likely be a DDOS that you don't even know your phone is doing until your carrier cuts you off completely, along with thousands and possibly millions of others.

Because such an app could seem completely innocuous, and code for such an app easy to write and hide, there may already be such apps in circulation, just waiting for the right time or update to become active.

If we could disable permissions we don't want apps to have, taking our chances with whether or not it would work properly, then this could and would be avoided. If all market apps were properly screened and denied when they require permissions that do not make sense for their purpose and use, this could also be avoided.